Version Control

The Drupal Code

Two Drupal modules can be found in the repository:

shib_fake

This is a convenience module for development purposes. It was useful for developing bamboo_as.module on a local AMP stack where Shibboleth was not installed. See the README.md in this module for more info.

bamboo_as

This module was intended to be installed on a centrally-deployed site through which users of multiple clients would maintain their Bamboo identities. This site was instantiated during the period of the Bamboo Technology Project at https://accounts-dev.projectbamboo.org/accounts (no longer maintained).

Development of this module was halted when funding for a second phase of Project Bamboo software development was not forthcoming.

A demonstration (including webcast) described in a blog entry of November 2012, User-onboarding: creating a Bamboo Identity, shows how far we got with this module. Watch the video here to understand how the module works from a user perspective (with an unfinished user interface), and vis-a-vis user attributes passed into the Drupal environment by the authentication process, managed by the Shibboleth SP Drupal module shib_auth.

REST examples in bamboo_as.module

Some examples of the REST calls made in this module may be useful to developers of future clients to Bamboo's IAM services:

Use Case: Does the User have a Bamboo Person ID? (GET)

The shib_auth module installed in the Drupal instance permits Drupal to act as a Shibboleth Service Provider. When a user logs in via Shibboleth, the shib_auth module populates some PHP $_SERVER variables. The first thing we do is throw an error if the expected variables don't exist:

// Stop early if shib_auth did not expose the expected Shibboleth attributes.
if (!isset($_SERVER['persistent-id']) || !isset($_SERVER['Shib-Identity-Provider'])) {
  drupal_set_message('Required variables are not present. Please ensure that both shib_auth and all the identity providers are configured correctly.', 'error');
  return;
}

Create a sha256 hash of the persistent-id (an expected / required practice for passing user identities between clients and the Bamboo Person service).

Populate the object with required values, identifying the IdP used to authenticate and the authenticated user, provided via the shib_auth module on successful authentication (note that the combination of user identifier and IdP identifier was called a "sourced Id" by the team that implemented the Bamboo IAM infrastructure):

As of the time this documentation was written, some months after completion of the code, the reason for including then removing the XML declaration was not clearly recalled. The assumption is that SimpleXML requires the declaration to load the string, but that declaration should not be present when the POST is made to backing services hosted by the BSP. Caveat lector.
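
The steps described above (check the attributes, hash the persistent-id, populate the XML, drop the declaration) as an added PHP example; it is not code from bamboo_as.module, and the function name, element names and sample values are hypothetical because the Bamboo Person service schema is not shown on this page. It serialises only the root element through DOM, so the XML declaration never appears in the body that would be POSTed.

```php
<?php
// Added illustration. The element names (exampleSourcedId, exampleIdP,
// exampleUserId) are hypothetical placeholders, not the Bamboo schema.

/**
 * Build a request body identifying a user by IdP plus hashed persistent-id.
 */
function example_sourced_id_body(array $server) {
  foreach (array('persistent-id', 'Shib-Identity-Provider') as $key) {
    if (!isset($server[$key]) || $server[$key] === '') {
      throw new InvalidArgumentException("Missing Shibboleth attribute: $key");
    }
  }

  // sha256 of the persistent-id, hex encoded (64 characters).
  $hashed_id = hash('sha256', $server['persistent-id']);

  // Load a template that carries an XML declaration, then populate it.
  $xml = simplexml_load_string(
    '<?xml version="1.0" encoding="UTF-8"?>'
    . '<exampleSourcedId><exampleIdP/><exampleUserId/></exampleSourcedId>'
  );
  if ($xml === FALSE) {
    throw new RuntimeException('Template XML could not be parsed.');
  }

  // Property assignment lets SimpleXML escape &, < and > in the values.
  $xml->exampleIdP = $server['Shib-Identity-Provider'];
  $xml->exampleUserId = $hashed_id;

  // asXML() on the root would emit the declaration again. Serialising only
  // the root element through DOM omits it, with no string surgery on output.
  $root = dom_import_simplexml($xml);
  return $root->ownerDocument->saveXML($root);
}

// Constructed sample values, not real identifiers.
$body = example_sourced_id_body(array(
  'persistent-id' => 'https://idp.example.edu/idp!https://sp.example.org/sp!abc123',
  'Shib-Identity-Provider' => 'https://idp.example.edu/idp/shibboleth',
));
echo $body, "\n";
```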